Data Protection Bill approved by Cabinet: Content, concerns

Data Protection Bill approved by Cabinet: Content, concerns

Context- Nearly six years after the Supreme Court held privacy to be a fundamental right, the Centre has made a second attempt at framing legislation for protection of data.

The Digital Personal Data Protection Bill, 2022, a draft of which was floated in November, is expected to be tabled in Parliament’s Monsoon Session that begins on July 20. The Union Cabinet approved the draft Bill on Wednesday.

The Bill, once it becomes law, will play a crucial role in India’s trade negotiations with other nations, and especially regions like the European Union, whose General Data Protection Rules (GDPR) are among the world’s most exhaustive privacy laws.

(Credits- Indian Express)

What is the significance of a privacy law?

• The Digital Personal Data Protection Bill, 2022, is a crucial pillar of the overarching framework of technology regulations the Centre is building, which also includes the Digital India Bill — the proposed successor to the Information Technology Act, 2000, the draft Indian Telecommunication Bill, 2022, and a policy for non-personal data governance.
• Last August, the government withdrew from Parliament an earlier version of the data protection Bill that had been almost four years in the making, after it had gone through multiple iterations and a review by a Joint Committee of Parliament, and faced pushback from a range of stakeholders including tech companies and privacy activists.
• The proposed law will apply to processing of digital personal data within India; and to data processing outside the country if it is done for offering goods or services, or for profiling individuals in India.
• It requires entities that collect personal data — called data fiduciaries — to maintain the accuracy of data, keep data secure, and delete data once their purpose has been met.
• The highest penalty — to be levied for failing to prevent a data breach — has been prescribed at Rs 250 crore per instance, it is learnt.

What are the concerns around the draft Bill?

• Wide-ranging exemptions for the central government and its agencies, which were among the most criticised provisions of the previous draft, are understood to have been retained unchanged.
• The Bill is learnt to have prescribed that the central government can exempt “any instrumentality of the state” from adhering to the provisions on account of national security, relations with foreign governments, and maintenance of public order among other things.
• The control of the central government in appointing members of the data protection board — an adjudicatory body that will deal with privacy-related grievances and disputes between two parties — is learnt to have been retained as well.
• There is also concern that the law could dilute the Right to Information (RTI) Act, as personal data of government functionaries is likely to be protected under it, making it difficult to be shared with an RTI applicant.

What changes are likely?

• A key change in the final draft is learnt to have been made in the way it deals with cross-border data flows to international jurisdictions — moving from a ‘whitelisting’ approach to a ‘blacklisting’ mechanism i.e. proposed law could allow global data flows by default to all jurisdictions other than a specified ‘negative list’ of countries.
• A provision on “deemed consent” in the previous draft could also be reworded to make it stricter for private entities, while allowing government departments to assume consent while processing personal data on grounds of national security and public interest.

How does India’s proposal compare with other countries?

• An estimated 137 out of 194 countries have put in place legislation to secure the protection of data and privacy, according to the United Nations Conference on Trade and Development (UNCTAD), an intergovernmental organization within the United Nations Secretariat.
• Africa and Asia show 61% (33 countries out of 54) and 57% (34 countries out of 60) adoption respectively. Only 48% of Least Developed Countries (22 out of 46) have data protection and privacy laws.

Conclusion- The Digital Personal Data Protection Bill, 2022, is a crucial pillar of the overarching framework of technology regulations the Centre is building, which also includes the Digital India Bill — the proposed successor to the Information Technology Act, 2000, the draft Indian Telecommunication Bill, 2022, and a policy for non-personal data governance.

Syllabus- GS-2; Privacy; Laws

Source- Indian Express